Security Audit

INTRODUCTION

Digital business models provide many benefits but they also bring new challenges. Securing your organisation is becoming more difficult as you move workloads to the cloud, become more mobile and connect more devices to the internet. At the same time, cyber attackers are identifying new vulnerabilities to exploit and using more sophisticated techniques. 90% of large businesses had a security breach in 2015, and 66% of small firms have been a victim of cyber-crime in the last two years. Our Security Audit identifies security risks and vulnerabilities in your infrastructure and deviations from best practice. We provide you with a detailed report setting out our findings and recommendations for re-mediating the risks identified. The audit provides a comprehensive series of security checks. These cover your firewall configuration, firewall rule-base and an assessment of firewall vulnerabilities. They also include an external vulnerability scan and an audit of security policy compliance on domain and local machines. In addition, we provide extensive supporting information including asset discovery and configuration reporting for servers and workstations, network diagrams, user controls in place and more.

Our audit report covers the following:

1. Risk Report

• Executive summary of our findings

• Identified risks in order of severity and recommendations

• Security architecture observations and recommendations based on our understanding of your business

2. Firewall Assessment Report

• Best practice security audit, identifying risks in order of severity and recommendations

• List of accessible ports and protocols and exploitable protocols in use

• List of computer login failures

• Physical observations for the site location attended

How long will the audit take and what do you need? As a guide, the scanning and data capture process of the audit, for an environment of 500 endpoints, typically takes 2-3 hours to complete. External vulnerability scanning will take approximately 2 hours, depending on the scope of the scan. Scanning and data capture is non-service affecting and can be performed in or out of hours depending on your preference. The tools are used when onsite and remotely, for which temporary VPN access will be required. Our consultants work closely with your IT team to ensure all required prerequisites are met prior to any activity commencing, thus ensuring smooth operation and delivery of the engagement

If you have not had a security audit in the last two years, we would recommend conducting an audit, or if you are unsure of your risks and would like to speak to a specialist, send us a message and one of our team will be with you shortly.